Security and Compliance Center
122 Topics

Using the eDiscovery tool for content search in the Microsoft 365 Compliance Center!
Dear Microsoft 365 Friends,

This article is about the eDiscovery (content search) tool in Microsoft 365. Before we start, a quick word about licenses. In order to work with the tool, you need the necessary licenses. Please have a look at the following link: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

In my case I had to clarify the question, would emails with certain words be sent or received. To clarify this, I created a content search with eDiscovery. How this is done exactly, I will explain in the next steps.

We start our investigation in the Microsoft 365 Admin Center. On the left side click on "Show All" (if not everything is displayed) and select the Compliance Center.

In order to work with eDiscovery we need the necessary permissions. Click on Permissions. In the "Compliance Center" category, click "Roles". Search for eDiscovery Manager and click on this Role Group. This will give you the details of this Role Group. Navigate down and you will see "eDiscovery Manager" and "eDiscovery Administrator". For this demo, I added my account to the "eDiscovery Administrator". This is not necessarily following the concept of "working with the least privileges" (but absolutely OK for this demo). In a Productive environment, you can assign a person the role of "eDiscovery Manager" in an eDiscovery case (we'll get to that in a moment). Thus, this person only gets access to this one eDiscovery case. Click on "edit". Click on "edit" again. Find the user and click on "add" and then on "done".

In the "Compliance Center", navigate to eDiscovery and select "Core". Click on "Create a case". Enter a name and if you want a description and click "save". We have now only created the "container" but not configured anything yet. We will change that in a moment.

Navigate to "Searches" and click on "New search". Specify a name and description. Then click on "next". Now select the locations. This selection depends very much on your search. Then click on "next". For keyword I use as search term "Testversion". The goal is to find emails that contain this word. If you want you can work with conditions to limit this search. I like to start very general to get an overview, narrowing can be done later. Then click on "next". And now "Submit".

Depending on the size of the organization and the number of objects that need to be examined, it can take a very long time until the status "Completed" is reached. Allow yourself time. If the status is "Completed", click on your search and you will get a "Summary". At the bottom click on "Review sample". Bingo! We see a list of emails, and in the first email we already see our keyword.

Sure this wasn't super exciting, but I still wanted to share this information with you. I hope this article was helpful for you? Thank you for taking the time to read this article.

Best regards, Tom Wechsler

Sensitivity label owner
Hi, I'm currently testing with sensitivity labels for some customers and during tests I found some serious issues with this technology. As far as I checked and the MS documentation wants to tell me, the first person applying a label is the label/document owner for all eternity^^ So how can I change this programmatically and what happens when this person has left the company? Who is then the owner or can this label never be changed? Thanks and Regards!

Regarding Exact Data Matches (EDM)
Hi All, We have configured EDM sensitive types. We have got a couple of questions regarding the hash file of customer data that is uploaded using the EDM Upload Agent.
1. Where are the hash files stored in M365
2. What happens to the old hash file once a new is uploaded
3. Can the EDM upload agent work in presence of a proxy like Zscaler or MWG
4. Can we access the uploaded hash file on M365 Compliance portal
5. What is the best location (on-premise) to deploy the EDM Upload Agent VM
Please provide help ASAP as I need to provide info on this to my team by the end of this week.

Adding emails or domains to a Phish Whitelist
Hello, I have been searching for a way to whitelist emails or domains that are getting caught by the Phishing Net LOL. The emails are confirmed to be legit. I try to spot check the quarantine, but some days I forget to. I know how to whitelist for Spam, not for Phish. Thank you.

New Blog Post | What's New: Azure Sentinel - SOC Process Framework 8 Part Video Series!
What's New: Azure Sentinel - SOC Process Framework 8 Part Video Series! - Microsoft Tech Community
In this 8 part video series learn how to use the SOC Process Framework to manage your security team or Security Operations Center. You will hear expert level conversations about the development and implementation of security processes and procedures. This SOC-in-a-box approach provides easy to customize workflows and a standards-based framework to help you implement and continuously improve the multiple processes and procedures required by any modern security operations team.

MCAS or 365 Security
Hey all, I'm relatively new into the industry and been tasked with championing some of our E5 platforms. We have both MCAS and MS 365 Security which I'm going to call MDE... My questions are:
1. Which one should I be using to manage alerts?
   a. Why can't I manage alert policies in MDE and I can in MCAS.
2. What are the differences between the two?
3. Should we even be using both of them?

New Blog Posts | Security and Compliance pt. 2
Protect your Power BI instance using Microsoft Cloud App Security - Microsoft Tech Community
In the Microsoft Cloud App Security and Power BI teams (two of the named leaders in the Cloud Access Security Broker (CASB), and Analytics and BI markets, respectively), we have identified an opportunity to provide an even more comprehensive solution. By bringing these two technologies together, we provide security administrators the tools they need to safely onboard business users to a large cloud workload such as Power BI (which has become an even greater key service for businesses in “work-from-home” mode during the COVID-19 crisis), while enjoying peace of mind with respect to the threats and risks inherent in using cloud services.

MCAS Data Protection Blog Series: MCAS DLP Walk-Through - Microsoft Tech Community
We will be focusing on the new capability of extending Microsoft data loss prevention to MCAS (announced in September here) in the Compliance Center.

MCAS Ninja Training has been updated! - Microsoft Tech Community
Check it out at http://aka.ms/mcasninja!

Check out our new videos focused on Insider Risk Management !!! - Microsoft Tech Community
We figured out that watching short videos is sometimes the best way and use of our customers' time to learn about our products and innovations... So... we created a video series!

Insider risks aren’t just a security problem
In this podcast we explore how partnering with Human Resources can create a strong insider risk management program, a better workplace and more secure organization. We uncover the types of HR data that can be added to an insider risk management system, using artificial intelligence to contextualize the data, all while respecting privacy and keeping in line with applicable policies.
Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender - Microsoft Tech Community
After a customer has connected Microsoft Defender for Identity to Microsoft 365 Defender, one of the benefits is the ability to query the Defender for Identity activities. In this blog we showcase two customer use cases that took advantage of the Advanced Hunting functionality available today.

M365 presents: interactive user guides for Teams DLP, Endpoint DLP and Insider Risk! - Microsoft Tech Community
Follow these step by step guides to help you get started in configuring Teams DLP, Endpoint DLP and Insider Risk in your organization!

ANNOUNCEMENT: MCAS 3rd Party IdP Documentation - Microsoft Tech Community
We have some exciting news to share about our Microsoft Cloud App Security documentation updates. Last year, we released the ability to deploy Real Time Controls using any identity provider (IdP). After receiving initial feedback from our customers and the field, the top three most requested IdPs were PingOne, Okta, and AD FS. The configuration can be tricky. We thought publishing an example for each IdP would be useful for our users. We are happy to announce that all three guides are now LIVE!

Azure AIP Portal Label & Policy Management Admin Experience - Post March 31st Deprecation - Microsoft Tech Community
This blog lists key admin components that will be deprecated and describes how this impacts the admin.

GCC-H AIP Manual Migration - Microsoft Tech Community
This blog gives an end-to-end use case example on how a GCC-H admin can migrate their parent label and sublabel with its corresponding protection template from the AIP Portal to the Security and Compliance Center. Additional information about label migration can be found in our official documentation.

Law Firms We Hear You! Introducing Microsoft 365 Solution for Legal - Microsoft Tech Community
We have developed a 4-phased approach to 1) Enable, 2) Empower, 3) Differentiate, and 4) Transform your journey to Microsoft Teams leveraging Microsoft 365 security and compliance tools.

New Blog Posts | Security and Compliance
Announcing new Microsoft Information Protection capabilities to know and protect your data. - Microsoft Tech Community
We are announcing the general availability of 49 new and 12 improved sensitive information types, covering key regulations in Europe and Asia Pacific. We are also announcing new features that improve the accuracy of sensitive information types and enable you to customize them to suit your organization’s unique needs.

Compliance Ecosystem Growth (microsoft.com)
By expanding MISA and including Microsoft Compliance, we are making it a holistic program across Security, Compliance, and Identity. Specifically, for Microsoft Compliance, we are adding the following five solutions to MISA portfolio.

Don’t get caught off guard by the hidden dangers of insider risks! - Microsoft Tech Community
We are excited to announce the public preview of additional features that make it easier to get started with Insider Risk Management and detect potential insider risk activities with enhanced machine learning models.

Announcing co-authoring on Microsoft Information Protection-encrypted documents and labeling updates - Microsoft Tech Community
The updates we announced bring the Microsoft 365 Apps’ built-in labeling client one step closer to feature parity with the Azure Information Protection client, and they allow administrators to deploy advanced capabilities easily and securely as part of the Microsoft 365 deployment.

Microsoft commitment to close security skills gap - Microsoft Tech Community
We strive to ensure customers have the skilling and learning resources they need to keep up in our world of complex cybersecurity attacks. By empowering our customers to increase their skilling knowledge, we enable customers to get up and running faster with Microsoft security and compliance solutions. We are excited to announce three new ways Microsoft is supporting skilling cyber security professionals.
Announcing new assessment templates and enhanced capabilities in Compliance Manager - Microsoft Tech Community
We are now excited to announce new capabilities and assessment templates that will increase regulation visibility, further enrich the user experience, and save organizations valuable time.

Microsoft Further Extends Unified Data Loss Prevention - Microsoft Tech Community
We are pleased to announce a continued investment in DLP with three new capabilities that further extend and expand the scope of DLP to a third-party browser and on-premises file repositories, and the introduction of a new DLP management and workflow experience.

Announcing the Public Preview of features in Microsoft Information Protection unified analytics - Microsoft Tech Community
In Public Preview, Microsoft 365 Compliance Center’s enhanced unified labeling and analytics experience now offer support for the most awaited ‘Azure Information Protection (AIP) audit logs’ including exploration of all activities.

Harnessing Advanced Audit to power your forensic investigations in 5 steps (microsoft.com)
Advanced Audit can help organizations scope data compromise and respond to regulatory obligations by providing access to audit events that are important for forensic investigations, and by extending audit log retention for up to a year. Here’s 5 steps to quickly get started with Advanced Audit within Microsoft 365 compliance center out of the box.

Protect your infrastructure with Secured-core server - Microsoft Tech Community
Given the many incentives motivating these attacks, raising the bar for attackers is a clear and urgent need for Windows Server and Azure Stack HCI. Using our learnings from the Secured-core PC initiative, we are now bringing these innovations to Windows Server and Azure Stack HCI. In collaboration with our OEM partners and hardware ecosystem, we expect this effort to bring your devices advanced hardware-based protection, while maintaining ease of management.
Information protection strategies and roadmap to address issues around sensitive data
This podcast features the leaders, program managers from Microsoft and experts from the industry to share details about the latest solutions and processes to help you manage your data, keep it safe and stay compliant. If you prefer to listen to the audio of this podcast instead, please visit: aka.ms/voicesofdataprotection